Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
Ransomware Negotiation


GroupSense will guide you through a ransomware attack.



Call in a GroupSense ransomware negotiator.

Our team of expert negotiators help you control the situation and navigate the negotiation to deliver a best result for your organization.
Read how we helped others in The New Yorker >


Threat actors have not only expanded, but adopted new business models. They have service departments and quick response times. However, they are still criminals out to steal your hard-earned money.
Unfortunately, once you have been attacked and business is shut down, there’s very little you can do but negotiate. There is the choice of not negotiating with criminals. Here’s some factors to consider:
  • What data do they have?

    Healthcare attacks in 2020 involved the theft or exposure of the protected health information of at least 18,069,012 patients. For organizations in the Tech or Financial Services industry, this data could range from customer PII to private company financial records. There is no guarantee the data stolen won't be leaked on the dark web. 

  • How will a release of the data affect business?

    A release of private patient or customer data can erode trust in your business. It can lead to reputational damage, as well as open lawsuits from those who were affected by the attack. Paying the ransom may prevent the data from being released, however it is not guaranteed. 

  • What is the state of your backups?

    Backups can also be encrypted if they aren't properly secured. Some businesses choose to backup their data on the weekend, a time when ransomware threat actors favor carrying out their attacks, leading to a loss of data. You can find more tips on how to set up your backups here.

  • What loss of business will you experience?

    On average, ransomware attacks cause 15 business days of downtime. Because of the lack of business activity, victims of ransomware lose around $8,500 an hour.

  • What will the Public Relations cost be?

    Loss of business can happen after the attack as well, with patients or customers affected choosing to go with different brands for their needs. As an example, 49% of potential patients said they would change hospitals if their healthcare organization was hit by a ransomware attack. Handling the PR well after the attack is vital to maintain trust in your data security.

  • What will a successful attack cost me?

    Ransom payments typically account for less than 20% of the total cost of a ransomware attack. Of that $5.66 million figure each year, just $790,000 accounts for ransom payments. Research shows businesses suffer most of their losses through lost productivity and the time-consuming task of containing and cleaning up after a ransomware attack.


GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks. Get ransomware ready with our Ransomware Response Readiness Solution (R3S). 

Early Warning

When there's a threat or breach, you'll be the first to know.



We take on the negotiation services allowing you to deal with your business operations.


Incident Response

We'll guide you and your security team's response to ensure you can deal with the threat properly and securely.


Public Relations

Our experts will help deal with the reputational backlash.



You'll have our full knowledge and experience at your disposal to deal with new ransomware incidents.



Automated and refreshed data on impending threats or risks of new cyber attacks. 

Find Out More on R3S



Our expert negotiators have extensive experience resolving ransomware attacks, including arranging the destruction of exfiltrated (stolen) data to reduce the damage caused by ransomware/data theft attacks. 


We provide comprehensive services for evaluating and confirming ransomware attacks and conducting post-attack remediation activities.
  • Threat Evaluation

    Ransomware attacks need to be assessed for legitimacy. Once the threat has been confirmed, our team will attempt to identify the threat actor responsible and develop a negotiation and mitigation strategy based on their recent cyber attack history.

  • Threat Actor Engagement

    Threat actors may seem like faceless criminals – but they are human beings who need to be engaged in a special manner. Once their claims have been verified,  our negotiators will begin to attempt to build trust and rapport for a positive outcome.

  • Ransomware Negotiation

    Novices are always at a disadvantage in negotiations with experienced professionals, and since most companies do not have access to experienced ransomware negotiators, threat actors usually have a decided advantage. GroupSense levels the playing field with experienced negotiators who can effectively reduce ransom demands and manage the cryptocurrency transaction once the negotiation is complete.

  • Post-Transaction Services

    There are a number of activities which need to be carried out post-transaction to reduce the potential damage of the ransomware attack. These include monitoring the threat actor to prevent a repeat attack, obtaining access to any stolen data and communicating with all necessary parties about the attack, such as insurance companies or public relations firms.

Ransomware Prevention
Learn how to handle and move forward from a ransomware attack.
Read our ransomware negotiation guide to find out more.


Download the ransomware negotiation guide


Ransomware Negotiation Datasheet


Download Ransomware Negotiation Datasheet to learn more about GroupSense.